What's new

AiMesh multi-band security issue - network can become unsecured!

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

TheScotsman

Occasional Visitor
While playing with AiMesh and guest network access, I've uncovered a security issue - I think this is kind of an edge case, but given the way many of us hoard and reuse our older hardware I wanted to bring it to attention.

My AiMesh router is a GT-AXE11000, a tri-band router on 2.4GHz/5GHz/6GHz. The AiMesh node is an RT-AC5300, also tri-band but on 2.4GHz/5GHz/5GHz. The RT-AC5300 internals a a little peculiar so perhaps this is specific to that model. I have my main network SSID shared on all three bands of the GT-AXE11000 and SmartConnect enabled. 2.4GHz and 5GHz authenticate with WPA2-Personal (changed from the default WPA2/WPA3-Personal as that appeared to be tripping up a client); on 6GHz it's WPA3-Personal.

What I saw is that on the AiMesh node, the second 5GHz band is UNSECURED; no password required to connect to the network, and it provides connectivity just fine! On my phone's wifi list I can actually see two entries for the network, one with the lock, one without. I'm not sure if the mismatch is because of WPA3-Personal running on the router's 6GHz band (the only options are that or "enhanced open" so no way to test); or if it's not lining up the security parameters because of the frequency difference (maybe it doesn't know what to match with?). In any event, it opened up my core network - the only workaround I've found for now is to disable the radio for that 2nd 5Ghz band on the RT-AC5300 node, which makes the unsecured network disappear.
 
Lol - "Doctor, it hurts when I do <this>" "Then don't do <this>, patient"
good common sense. (Just how many wifi networks do we truly NEED, anyway?)
And you bring up a good point - it may not be the best idea to mix AC and AX if you're looking to have a simple and easy network.
 
Yep, definitely a "don't do that!" :) Glad I caught it - the AX lives in the house and the house is basically wrapped in aluminum foil, so of course the secured networks are also pretty "radio contained" to the house, but the plan for the AC is to put it in the (unshielded) attic to give some good coverage out in the lawn and by our BBQ and fire pit; would've been broadcasting the unsecured network to all our neighbors (they're nice folks, but still ...)
 
it may not be the best idea to mix AC and AX if you're looking to have a simple and easy network.
Perhaps. Seems this case pertains more to the node's 5-2 not having a proper controlling counterpart on the master, thus goes free-range. It's time to relinquish central control and run that unit in AP mode.

Or throw that radio away by disabling it within the Aimesh control for that node.
 
@glens, that's exactly what I did for now, disabling the 5-2 radio removes the unsecured network. Good enough for now for me - I don't need the second 5G radio, and if I added additional units I'd grab 2.4/5/6 tri-bands going forward. This thread was more a warning for the gear-hoarders like me that you can wind up with an unsecured network if you're not careful!
 
More than a year has passed, ASUS has released several firmware updates for different mesh-devices, but has not bothered to fix this security issue. That's all You need to know about this company.
 
More than a year has passed, ASUS has released several firmware updates for different mesh-devices, but has not bothered to fix this security issue. That's all You need to know about this company.
Has it ever been reported to them though? It's okay posting on here, but if they're not aware, how can they fix?
 
Has it ever been reported to them though? It's okay posting on here, but if they're not aware, how can they fix?
That's a really good point, I certainly didn't report it to them, and it's a weird enough edge case that it's possible nobody has. I still have this hardware in use, if I can kick the family off it long enough I'll bump it back to all stock firmware and make sure the problem occurs on it (99% sure that it will), then report it to Asus after putting everything back to Merlin.

For that matter, I haven't actually tested it on the current Merlin releases, will do that first (much easier) and make sure it's still a problem. Easy as turning the radio back on ... :)
 
***Report it to them while still on stock firmware (there are links in the GUI to do so).
 
We've got more available options than most mainstream manufacturers offer. I guess it's hard to guess, and test, every possible combination. I don't harshly fault them for missing this situation, and am fairly confident that they'd hop right on it if made aware.
 
I'll bump them back to stock to report as soon as I can get the workaholic and the gamer off the network. Between the two of them and overnight system backups we're up and in use 24x7x365.25 :)
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top